Change to guest logon code.

This changes the way we process guest logons - we now treat them as normal
logons, but set the 'guest' flag.  In particular this is needed becouse Win2k
will do an NTLMSSP login with username "", therefore missing our previous guest
connection code - this is getting a pain to do as a special case all over the
shop.

Tridge:  We don't seem to be setting a guest bit for NTLMSSP, in either the
anonymous or authenticated case, can you take a look at this?

Also some cleanups in the check_password() code that should make some of the
debugs clearer.

Various other minor cleanups:

 - change the session code to just take a vuser, rather than having to do a
   vuid lookup on vuser.vuid

 - Change some of the global_client_caps linking

 - Better debug in authorise_login(): show the vuid.

Andrew Bartlett
(This used to be commit 62f4e4bd0aef9ade653b3f8d575d2864c166ab4d)

1 files changed, 8 insertions, 1 deletions

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 44faefb645..1aa58f5274 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -597,7 +597,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 
 	free_user_info(&user_info);
 	
-	DEBUG(5, ("_net_sam_logon: exiting with status %s\n", 
+	DEBUG(5, ("_net_sam_logon: check_password returned status %s\n", 
 		  get_nt_error_msg(status)));
 
 	/* Check account and password */
@@ -607,6 +607,13 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 		return status;
 	}
 
+	if (server_info->guest) {
+		/* We don't like guest domain logons... */
+		DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));
+		free_server_info(&server_info);
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
 	/* This is the point at which, if the login was successful, that
            the SAM Local Security Authority should record that the user is
            logged in to the domain.  */